Boosting agility and improving security with an application network

As waves of
digital disruption wash through all industry sectors, organisations are facing
two key challenges. They need to increase the clockspeed of their businesses
while at the same time ensuring their IT infrastructures remain secure.

A recent survey conducted by MuleSoft of 800 IT professionals
points to a wider problem: Almost 80 percent of IT budgets are spent on simply
maintaining existing infrastructures rather than on transformative initiatives
to drive innovation. At the same time, research shows 60 percent of businesses
will suffer a major service failure due to an inability of the IT security team
to manage digital risk in new technology and use cases.

As a result,
improving agility and security can seem at odds, but they don’t have to be. It
is possible to create a corporate culture of continuous innovation while
weaving security principles into the design of every application and data
access point. Organisations can create a framework for faster innovation and
build in security by design through the creation of application networks, which
are networks of applications, data and devices connected with APIs to make them
pluggable and to create reusable services.

The challenge of connectivity

To get the
most value from IT systems, organisations find they must increasingly connect
these systems and it's tempting to do this in a one-off fashion. As a new
system is added, a new integration connection is added as well.

This type of
point-to-point integration is extremely common and can appear to work well at
first. The IT team assesses the integration needs, quickly writes some custom
code to solve it and congratulates itself on dealing with the problem on time
and on budget.

However, over
time, an organisation can end up with a complex mess of connections that
actually inhibits it from moving forward. When everything is hardwired to
everything, nothing can move without breaking everything else.

In order for
systems to work together properly, connectivity must become a strategic
business discipline and not be driven on a project-by-project basis.

Some
organisations compound this connectivity problem through “shadow IT.” Under
this scenario, departments within an organisation source IT resources directly
rather than through the central IT department.

While this
method helps departments secure access to the resources they require, it can
also put the organisation and its sensitive data at risk. Too often, IT and
security teams end up fire fighting problems that arise from the use of shadow
IT. They become so busy putting out fires that they don't have time to build
frameworks for best practice and build partnerships with the rest of the
business.

A strategic
integration discipline, like API-led connectivity, can harness the impulses
behind the creation of shadow IT and turn them into business assets.

Juggling
agility and security requires a fresh take on application development and data
sharing. Rather than a traditional monolithic approach undertaken by a central
IT department, well-defined and well-fortified nodes can be created using an
API-led approach.

Each of these
nodes, designed and built by the teams that need them, will have security best
practices baked in at the point of design. These nodes are then connected
through APIs, which are standardised, well-defined entry points that are easy
to visualise and secure.

As more
systems are connected, there is no need to create new connections. Instead, the
organisation can reuse those already in place and managed by the IT security
team. This approach, therefore, allows an organisation to move faster while at
the same time allowing the IT team to maintain control.

What emerges
is an application network, organised around well-defined building blocks linked
using APIs. Security is built in because each API effectively becomes a secured
doorway. IT teams can maintain security of these doorways in a number of ways.
They can determine who has permission to enter, what authentication is required
to enter, what each user has access to and what alarms should ring if anything
goes wrong.

Another
advantage of adopting an application network is that it creates secure boxes in
which people can operate. Developers don’t have to be security experts,
identity experts, or even domain experts as each of those functions can be
handled centrally. By creating new assets from reusable components, developers
can continually reduce their area of attack as they are not introducing
additional, unchecked access to data or systems.

Implementing an application network

There are
defined steps IT teams can take to boost agility while improving security
through deployment of an application network. They include:

1.
Meet with business leaders: Discover what projects the business is
planning, what data they currently have access to, what data they are trying to
expose and the ways in which they want to use it. Proactively helping to solve
problems for the wider business as opposed to just being the endpoint will put
valuable assets in the hands of development teams to drive innovation and
differentiation.

2.
Develop APIs: Once the goals of the business are defined, work to
create well-defined and well-structured APIs that allow others to expose or
access the data. This, in turn, will reduce the business’ exposed surface area
because all entrance and exit points will be identified.

3.
Create visibility: Visibility is great for security as well as the
business. It allows the business to make data-driven decisions and allows the
IT team to understand what applications access which nodes and backend systems.

In an
application network, any digital asset can be quickly and securely discovered
and reused by the broader organisation. From the very first project, the nodes
of the network are built with all the intrinsic qualities of the network in
them -- secure, easy to change, discoverable, self-served, ready for reuse,
modular and composable. As a result, the speed with which every subsequent
project is delivered begins to accelerate, and the businesses clockspeed begins
to quicken.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.